Customer Support: +1 416-401-8730

Login to i2i Subscription Intertek.com
  • There are no items in your cart
Please enter a keyword to search
Advanced search
Home
AS
AS 2805.3-2000

AS 2805.3-2000

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by
superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

Electronic funds transfer - Requirements for interfaces - PIN management and security

Available format(s)

Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users

Superseded date

06-30-2017

Language(s)

English

Published date

01-01-2000

Publisher

Standards Australia

Preview

1 - AS 2805.3-2000 ELECTRONIC FUNDS TRANSFER - REQUIREMENTS FOR INTERFACES - PIN MANAGEMENT AND SECURITY
4 - PREFACE
5 - CONTENTS
6 - FOREWORD
7 - 1 SCOPE
7 - 2 APPLICATION
7 - 3 REFERENCED DOCUMENTS
8 - 4 DEFINITIONS
8 - 4.1 Acquirer
8 - 4.2 Algorithm
8 - 4.3 Authentication
8 - 4.4 Block encipherment
8 - 4.5 Card acceptor
8 - 4.6 Card issuer
8 - 4.7 Cardholder
8 - 4.8 Cipher text
8 - 4.9 Compromise
8 - 4.10 Cryptographic key
8 - 4.11 Data encipherment algorithm 3 (DEA 3)
8 - 4.12 Decipherment
8 - 4.13 Dual control
8 - 4.14 Encipherment
9 - 4.15 Financial institution
9 - 4.16 Identification
9 - 4.17 Interchange
9 - 4.18 Irreversible encipherment
9 - 4.19 Irreversible transformation of a key
9 - 4.20 Modulo 2 addition
9 - 4.21 Node
9 - 4.22 Notarization
9 - 4.23 Offset
9 - 4.24 Parity
9 - 4.25 Parity bit
9 - 4.26 Personal identification number (PIN)
9 - 4.27 PIN assignment
9 - 4.28 PIN issuance
9 - 4.29 PIN offset
10 - 4.30 PIN verification
10 - 4.31 Plain text
10 - 4.32 Point of service (POS)
10 - 4.33 Primary account information
10 - 4.34 Primary account number (PAN)
10 - 4.35 Pseudo-random
10 - 4.36 Reversible encipherment
10 - 4.37 Secure cryptographic device (SCD)
10 - 4.38 Transaction PIN
10 - 4.39 True random
10 - 4.40 Variant of a key
10 - 5 SECURITY
10 - 5.1 General
10 - 5.2 Transmission and storage
11 - 5.3 PIN accessibility
11 - 5.4 Verbal communications
11 - 5.5 Insecure devices
11 - 5.6 Record of transactions containing PIN data
11 - 6 PIN GENERATION AND ASSIGNMENT
11 - 6.1 General
11 - 6.2 Assigned derived PIN
11 - 6.3 Assigned random PIN
12 - 6.4 Customer selected PIN
12 - 7 PIN DELIVERY AND ISSUANCE
12 - 7.1 PIN mailing to customer
12 - 7.2 Delivery of customer selected PIN
13 - 7.3 PIN change
14 - 8 PIN ACTIVATION
14 - 9 PIN STORAGE
14 - 10 PIN ENTRY TECHNIQUES
14 - 10.1 General
15 - 10.2 PIN entry device considerations
17 - 11 PIN VERIFICATION
17 - 12 PIN TRANSMISSION
17 - 12.1 General
17 - 12.2 Network nodes or subsystems
17 - 12.3 Cryptographic PIN security
18 - 13 PIN BLOCK FORMATS AND CONSTRUCTION
18 - 13.1 Standard PIN block formats
18 - 13.2 PIN block construction
20 - 13.3 Cipher text PIN format
20 - 13.4 Other PIN block formats
20 - 14 PIN DEACTIVATION
21 - APPENDIX A - OVERVIEW
21 - A1 PIN MANAGEMENT FOR SECURITY
21 - A1.1 General
21 - A1.2 Obligations
21 - A1.3 Example
22 - A1.4 Problems
22 - A2 RISK ASSESSMENT
23 - A3 POSSIBLE FRAUD THREATS IN THE EVENT OF PIN DISCLOSURES
23 - A3.1 General
23 - A3.2 Lost or stolen cards
23 - A3.3 Counterfeit cards (‘mass fraud’)
24 - A4 DETERMINATION OF PIN FOR FRAUDULENT USE
24 - A4.1 General
24 - A4.2 Card-issuing institution
24 - A4.3 PIN delivery system
25 - A4.4 Customer
25 - A4.5 EFT system
26 - A5 RELATIVE RISKS
27 - APPENDIX B - EXAMPLE OF PIN DERIVATION METHOD
28 - APPENDIX C - INFORMATION FOR CUSTOMERS

Specifies minimum requirements for protecting the personal identification number (PIN), used as a means of verifying the identity of a customer within an electronic funds transfer (EFT) network, against unauthorized disclosure, compromise, and misuse throughout its life cycle, and in so doing, to minimize the risk of fraud occurring within EFT systems.

This Standard specifies the minimum security measures required for effective PIN management. Standard means of interchanging PIN data are provided. This Standard does not cover the following:(a) The protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer.(b) Privacy of non-PIN transaction data (see AS 2805.9).(c) Protection of transaction messages against alteration or substitution, e.g. an authorization response to a PIN verification (see AS 2805.4).(d) Protection against replay of the PIN or transaction.(e) Specific key management techniques (see AS 2805.6 series).(f) PIN management and security for transactions conducted using integrated circuit cards (ICC).(g) The use of asymmetric encipherment algorithms for PIN management.NOTE: For a detailed discussion on the need for personal identification number (PIN) protection, see Appendix A.(h) Physical and logical security (see AS 2805.14.1).NOTE: Further information on PIN management for security is given in Appendices A and C.

Committee
IT-005
DocumentType
Standard
ISBN
0 7337 3357 3
Pages
22
PublisherName
Standards Australia
Status
Superseded
SupersededBy
Supersedes
UnderRevision

First published as AS 2805.3-1985.Second edition 2000. First published as AS 2805.3-1985. Second edition 2000.

AS 2805.5.4-2000 Electronic funds transfer - Requirements for interfaces Ciphers - Data encipherment algorithm 3 (DEA 3) and related techniques
AS 3523-1988 Identification cards - Numbering system and registration procedure for issuer identifiers
AS 2805.5.2-1992 Electronic funds transfer - Requirements for interfaces - Ciphers Modes of operation for an n-bit block cipher algorithm
AS 2805.9-1991 Electronic funds transfer - Requirements for interfaces - Privacy of communications
AS 2805.9-2000 Electronic funds transfer - Requirements for interfaces Privacy of communications
AS 2805.14.1-2000 Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Concepts, requirements and evaluation methods
AS 2805.4-1985 Electronic funds transfer - Requirements for interfaces - Message authentication

AS 2805.6.3-2000 Electronic funds transfer - Requirements for interfaces Key management - Session keys - Node to node
AS 2805.6.6-2006 Electronic funds transfer - Requirements for interfaces Key management - Session keys - Node to node with KEK replacement
AS 2805.6.2-2002 Electronic funds transfer - Requirements for interfaces Key management - Transaction keys (Reconfirmed 2013)
AS 3769-1990 Automatic teller machines - User access
AS 2805.8-1986 Electronic funds transfer - Requirements for interfaces - Financial institution message content
AS 2805.6.1-2002 Electronic funds transfer - Requirements for interfaces Key management - Principles
AS 2805.7-1986 Electronic funds transfer - Requirements for interfaces - POS message content
AS 2805.6.4-2001 Electronic funds transfer - Requirements for interfaces Key management - Session keys - Terminal to acquirer
AS 2805.6.4-2006 Electronic funds transfer - Requirements for interfaces Key management - Session keys - Terminal to acquirer

View more information
US$69.34
Excluding Tax where applicable
USD
CAD
CHF
CNY
DKK
EUR
GBP
HKD
IDR
INR
JPY
KRW
MXN
NOK
NZD
SEK
SGD
USD
ZAR
Hardcopy - English
PDF 1 User - English
PDF 3 Users - English
PDF 5 Users - English
PDF 9 Users - English
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

or

Get in touch with us